Disable the X-Requested-With header to avoid preflighting remote POST requests. Fixes #4601.
This commit is contained in:
parent
0f6e9a8c69
commit
a7678267d8
10
src/ajax.js
10
src/ajax.js
|
@ -275,13 +275,12 @@ jQuery.extend({
|
||||||
}
|
}
|
||||||
|
|
||||||
// Matches an absolute URL, and saves the domain
|
// Matches an absolute URL, and saves the domain
|
||||||
var parts = rurl.exec( s.url );
|
var parts = rurl.exec( s.url ),
|
||||||
|
remote = parts && (parts[1] && parts[1] !== location.protocol || parts[2] !== location.host);
|
||||||
|
|
||||||
// If we're requesting a remote document
|
// If we're requesting a remote document
|
||||||
// and trying to load JSON or Script with a GET
|
// and trying to load JSON or Script with a GET
|
||||||
if ( s.dataType === "script" && type === "GET" && parts
|
if ( s.dataType === "script" && type === "GET" && remote ) {
|
||||||
&& ( parts[1] && parts[1] !== location.protocol || parts[2] !== location.host )) {
|
|
||||||
|
|
||||||
var head = document.getElementsByTagName("head")[0] || document.documentElement;
|
var head = document.getElementsByTagName("head")[0] || document.documentElement;
|
||||||
var script = document.createElement("script");
|
var script = document.createElement("script");
|
||||||
script.src = s.url;
|
script.src = s.url;
|
||||||
|
@ -350,7 +349,10 @@ jQuery.extend({
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set header so the called script knows that it's an XMLHttpRequest
|
// Set header so the called script knows that it's an XMLHttpRequest
|
||||||
|
// Only send the header if it's not a remote XHR
|
||||||
|
if ( !remote ) {
|
||||||
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
|
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
|
||||||
|
}
|
||||||
|
|
||||||
// Set the Accepts header for the server, depending on the dataType
|
// Set the Accepts header for the server, depending on the dataType
|
||||||
xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ?
|
xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ?
|
||||||
|
|
Loading…
Reference in a new issue